Forced redirect scareware by DCCBoost

Confiant alerts our customers whenever significant, widespread malvertising attacks occur in the digital advertising ecosystem. In this case, on May 9, 2023 the Confiant threat intelligence team notified clients of an attack by the threat actor we call DCCBoost.

Confiant's threat intelligence team has identified that threat actor DCCBoost is currently serving malicious ads through several sources.

Attack Information

DCCBoost is currently running a forced redirect scareware campaign, targeting the US, Canada and Europe on desktop environments. DCCBoost has been using fake McAfee scareware attacks since late 2021, after a long time spent targeting mobile devices. The current campaign is mostly active on BuckSense via many DSPs.

DCCBoost had been slowly staging a return to ad tech after a period of inactivity through the second half of 2022 with a peak during January 2023. After another spike of activity in March, they have returned via BuckSense with similar tactics and a slightly improved obfuscation (adding a layer of AES encryption to their JavaScript). 

This campaign also uses some additional ways to stay undetected, waiting 5 seconds before activating, and only redirecting on user interaction (scrolling, clicking, key press anywhere on the page).  

When:

The attack started on May 3 and has ramped up during the weekend and through Monday, May 8.

How:

SSPs Impacted:

• MediaGrid
• AdYouLike
• Minute Media
• Smile Wanted
• YieldMo
• IQZone

DSPs impacted:

• LoopMe 
• SmartyAds
• Taipei Digital
• BuckSense

Where:

• Geographies: United States (87%), United Kingdom (9%), Canada (4%)
• Targeting: Desktop - Windows (71%), Mac (27%), Other (2%)
• Reach: Less than 0.5% of impressions in targeted geographies 

Confiant also includes simple step-by-step instructions for our customers on how to protect their sites from this and other similar attacks in every alert, as well as screenshots where available. 

Confiant's ad verification solutions and threat intelligence security attack alerts help defend the digital ad industry by enabling publishers and ad platforms to take back control of the ad experience from threat actors to protect their users. Our solutions protect reputation, revenue, and resources through real-time verification of digital advertisements.

Confiant's technology actively blocks and detects malicious activity, privacy infringements, and low-quality ads. By providing industry-leading protection against malvertising, disruptive ads, and privacy risks Confiant empowers premium ad platforms and publishers with actionable data to ensure the digital ad ecosystem is safe and secure for everyone.

Not part of the Confiant customer community yet? Request a free trial today.